package com.hewl.shiro.config;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

import org.apache.shiro.session.Session;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;

import com.hewl.shiro.admin.entity.SysUser;

public class UserFormAuthenticationFilter extends FormAuthenticationFilter {
	
	@Override
	protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) {
		// TODO Auto-generated method stub
		Subject subject = getSubject(request, response);
		
		if(!subject.isAuthenticated() && subject.isRemembered()) {
			Session session = subject.getSession(true);
			if(session.getAttribute("userInfo") == null) {
				SysUser dbUser = (SysUser)subject.getPrincipal();
				session.setAttribute("userInfo", dbUser);
			}
		}
		// 这个方法本来只返回 subject.isAuthenticated() 现在我们加上subject.isRemembered();
		// 让它同时也兼容 remember 这种情况
		return subject.isAuthenticated() || subject.isRemembered();
	}

}
